Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 33.957460] audit: type=1800 audit(1542863664.230:33): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 33.978645] audit: type=1800 audit(1542863664.230:34): pid=6063 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 36.664928] audit: type=1400 audit(1542863666.940:35): avc: denied { map } for pid=6238 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.21' (ECDSA) to the list of known hosts. [ 116.683388] audit: type=1400 audit(1542863746.950:36): avc: denied { map } for pid=6252 comm="syz-execprog" path="/root/syz-execprog" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2018/11/22 05:15:47 parsed 1 programs [ 117.224801] audit: type=1400 audit(1542863747.500:37): avc: denied { map } for pid=6252 comm="syz-execprog" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3324 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 118.851778] ld (6262) used greatest stack depth: 15296 bytes left 2018/11/22 05:15:49 executed programs: 0 [ 119.019817] IPVS: ftp: loaded support on port[0] = 21 [ 119.278197] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.285259] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.292570] device bridge_slave_0 entered promiscuous mode [ 119.312040] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.318916] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.325941] device bridge_slave_1 entered promiscuous mode [ 119.345868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 119.364364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 119.414957] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 119.435648] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 119.514895] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 119.522258] team0: Port device team_slave_0 added [ 119.539744] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 119.547067] team0: Port device team_slave_1 added [ 119.565386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.587362] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 119.606500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.626337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.778386] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.784895] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.791894] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.798459] bridge0: port 1(bridge_slave_0) entered forwarding state [ 120.335219] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.390082] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 120.443698] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 120.450349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.457876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.503811] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.800453] audit: type=1400 audit(1542863751.070:38): avc: denied { associate } for pid=6266 comm="syz-executor0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 120.855279] [ 120.856955] ====================================================== [ 120.863251] WARNING: possible circular locking dependency detected [ 120.869550] 4.20.0-rc3+ #124 Not tainted [ 120.873588] ------------------------------------------------------ [ 120.879905] syz-executor0/6522 is trying to acquire lock: [ 120.885418] 000000002eed8f53 (sb_writers#4){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 120.892859] [ 120.892859] but task is already holding lock: [ 120.898806] 0000000000cbe61b (&iint->mutex){+.+.}, at: process_measurement+0x438/0x1bf0 [ 120.907009] [ 120.907009] which lock already depends on the new lock. [ 120.907009] [ 120.915311] [ 120.915311] the existing dependency chain (in reverse order) is: [ 120.922991] [ 120.922991] -> #1 (&iint->mutex){+.+.}: [ 120.928443] __mutex_lock+0x166/0x16f0 [ 120.932833] mutex_lock_nested+0x16/0x20 [ 120.937399] process_measurement+0x438/0x1bf0 [ 120.942394] ima_file_check+0xe5/0x130 [ 120.946785] path_openat+0x134a/0x5150 [ 120.951176] do_filp_open+0x255/0x380 [ 120.955493] do_sys_open+0x568/0x700 [ 120.959706] __x64_sys_open+0x7e/0xc0 [ 120.964010] do_syscall_64+0x1b9/0x820 [ 120.968407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 120.974236] [ 120.974236] -> #0 (sb_writers#4){.+.+}: [ 120.979685] lock_acquire+0x1ed/0x520 [ 120.983994] __sb_start_write+0x214/0x370 [ 120.988692] mnt_want_write+0x3f/0xc0 [ 120.993003] ovl_want_write+0x76/0xa0 [ 120.997403] ovl_open_maybe_copy_up+0x12c/0x190 [ 121.002590] ovl_open+0xb3/0x260 [ 121.006456] do_dentry_open+0x499/0x1250 [ 121.011016] dentry_open+0x143/0x1d0 [ 121.015390] ima_calc_file_hash+0x324/0x570 [ 121.020290] ima_collect_measurement+0x619/0x730 [ 121.025635] process_measurement+0x11fd/0x1bf0 [ 121.030722] ima_file_check+0xe5/0x130 [ 121.035113] path_openat+0x134a/0x5150 [ 121.039498] do_filp_open+0x255/0x380 [ 121.044016] do_sys_open+0x568/0x700 [ 121.048278] __x64_sys_open+0x7e/0xc0 [ 121.052586] do_syscall_64+0x1b9/0x820 [ 121.056975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.062660] [ 121.062660] other info that might help us debug this: [ 121.062660] [ 121.070783] Possible unsafe locking scenario: [ 121.070783] [ 121.076822] CPU0 CPU1 [ 121.081466] ---- ---- [ 121.086235] lock(&iint->mutex); [ 121.089675] lock(sb_writers#4); [ 121.095627] lock(&iint->mutex); [ 121.101571] lock(sb_writers#4); [ 121.105003] [ 121.105003] *** DEADLOCK *** [ 121.105003] [ 121.111045] 1 lock held by syz-executor0/6522: [ 121.115601] #0: 0000000000cbe61b (&iint->mutex){+.+.}, at: process_measurement+0x438/0x1bf0 [ 121.124173] [ 121.124173] stack backtrace: [ 121.128655] CPU: 1 PID: 6522 Comm: syz-executor0 Not tainted 4.20.0-rc3+ #124 [ 121.136015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 121.145502] Call Trace: [ 121.148078] dump_stack+0x244/0x39d [ 121.151688] ? dump_stack_print_info.cold.1+0x20/0x20 [ 121.156861] ? vprintk_func+0x85/0x181 [ 121.160732] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 121.166428] ? save_trace+0xe0/0x290 [ 121.170132] __lock_acquire+0x3399/0x4c20 [ 121.174269] ? kasan_check_read+0x11/0x20 [ 121.178404] ? mark_held_locks+0x130/0x130 [ 121.182626] ? find_held_lock+0x36/0x1c0 [ 121.186831] ? avc_has_perm+0x469/0x7e0 [ 121.190791] ? lock_downgrade+0x900/0x900 [ 121.194924] ? check_preemption_disabled+0x48/0x280 [ 121.199928] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 121.204838] ? kasan_check_read+0x11/0x20 [ 121.209033] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 121.214293] ? rcu_softirq_qs+0x20/0x20 [ 121.218258] ? zap_class+0x640/0x640 [ 121.221950] ? selinux_file_alloc_security+0xb4/0x190 [ 121.227123] ? security_file_alloc+0x4c/0xa0 [ 121.231522] ? zap_class+0x640/0x640 [ 121.235357] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.240877] ? avc_has_perm+0x55f/0x7e0 [ 121.244966] ? avc_has_perm_noaudit+0x630/0x630 [ 121.249623] lock_acquire+0x1ed/0x520 [ 121.253405] ? mnt_want_write+0x3f/0xc0 [ 121.257361] ? lock_release+0xa00/0xa00 [ 121.261318] ? perf_trace_sched_process_exec+0x860/0x860 [ 121.266750] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.272275] ? fsnotify+0x50e/0xef0 [ 121.275894] __sb_start_write+0x214/0x370 [ 121.280045] ? mnt_want_write+0x3f/0xc0 [ 121.284013] mnt_want_write+0x3f/0xc0 [ 121.287803] ovl_want_write+0x76/0xa0 [ 121.291591] ovl_open_maybe_copy_up+0x12c/0x190 [ 121.296244] ovl_open+0xb3/0x260 [ 121.299595] do_dentry_open+0x499/0x1250 [ 121.303645] ? ovl_llseek+0x110/0x110 [ 121.307440] ? chown_common+0x730/0x730 [ 121.311399] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.316925] ? percpu_counter_add_batch+0x141/0x190 [ 121.321924] dentry_open+0x143/0x1d0 [ 121.325621] ima_calc_file_hash+0x324/0x570 [ 121.329931] ima_collect_measurement+0x619/0x730 [ 121.334667] ? ima_get_action+0xa0/0xa0 [ 121.338627] process_measurement+0x11fd/0x1bf0 [ 121.343191] ? ima_add_template_entry.cold.4+0x3c/0x3c [ 121.348454] ? file_ra_state_init+0xd3/0x1e0 [ 121.352846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 121.358369] ? find_held_lock+0x36/0x1c0 [ 121.362418] ? selinux_task_getsecid+0x1f9/0x3a0 [ 121.367157] ? lock_downgrade+0x900/0x900 [ 121.371289] ? check_preemption_disabled+0x48/0x280 [ 121.376309] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 121.381224] ? kasan_check_read+0x11/0x20 [ 121.385371] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 121.390630] ? rcu_softirq_qs+0x20/0x20 [ 121.394594] ? selinux_task_getsecid+0x220/0x3a0 [ 121.399335] ? selinux_socket_sock_rcv_skb+0x820/0x820 [ 121.404607] ? ovl_llseek+0x110/0x110 [ 121.408453] ima_file_check+0xe5/0x130 [ 121.412324] ? process_measurement+0x1bf0/0x1bf0 [ 121.417058] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 121.422248] path_openat+0x134a/0x5150 [ 121.426115] ? rcu_softirq_qs+0x20/0x20 [ 121.430071] ? unwind_dump+0x190/0x190 [ 121.433946] ? path_lookupat.isra.43+0xc00/0xc00 [ 121.438690] ? unwind_get_return_address+0x61/0xa0 [ 121.443598] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 121.448596] ? expand_files.part.8+0x571/0x9a0 [ 121.453171] ? find_held_lock+0x36/0x1c0 [ 121.457215] ? __alloc_fd+0x347/0x6e0 [ 121.461014] ? lock_downgrade+0x900/0x900 [ 121.465148] ? getname+0x19/0x20 [ 121.468511] ? kasan_check_read+0x11/0x20 [ 121.472695] ? do_raw_spin_unlock+0xa7/0x330 [ 121.477099] ? do_raw_spin_trylock+0x270/0x270 [ 121.481663] ? __lock_is_held+0xb5/0x140 [ 121.485706] ? __check_object_size+0xb1/0x782 [ 121.490189] ? _raw_spin_unlock+0x2c/0x50 [ 121.494335] ? __alloc_fd+0x347/0x6e0 [ 121.498122] do_filp_open+0x255/0x380 [ 121.501902] ? may_open_dev+0x100/0x100 [ 121.505868] ? get_unused_fd_flags+0x122/0x1a0 [ 121.510442] ? __alloc_fd+0x6e0/0x6e0 [ 121.514225] do_sys_open+0x568/0x700 [ 121.517954] ? filp_open+0x80/0x80 [ 121.521479] ? trace_hardirqs_off_caller+0x310/0x310 [ 121.526567] __x64_sys_open+0x7e/0xc0 [ 121.530366] do_syscall_64+0x1b9/0x820 [ 121.534237] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 121.539582] ? syscall_return_slowpath+0x5e0/0x5e0 [ 121.544494] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.549338] ? trace_hardirqs_on_caller+0x310/0x310 [ 121.554351] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 121.559350] ? prepare_exit_to_usermode+0x291/0x3b0 [ 121.564349] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 121.569189] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 121.574359] RIP: 0033:0x457569 [ 121.577557] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 121.596442] RSP: 002b:00007ffef0fa10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 121.604130] RAX: ffffffffffffffda RBX: 0000000000000